- up to 4.9.263
[packages/kernel.git] / kernel-owner-xid.patch
index d2c27dc03f939148321275380c22b35218e150f1..188e0a52e72f8e67127d7d988eed789f7115a2ad 100644 (file)
@@ -1,7 +1,7 @@
-diff -upr linux-2.6.25/include/linux/netfilter/xt_owner.h linux-2.6.25-owner-xid/include/linux/netfilter/xt_owner.h
---- linux-2.6.25/include/linux/netfilter/xt_owner.h    2008-04-17 02:49:44.000000000 +0000
-+++ linux-2.6.25-owner-xid/include/linux/netfilter/xt_owner.h  2008-05-20 18:36:38.074950561 +0000
-@@ -5,12 +5,16 @@ enum {
+diff -urNp -x '*.orig' linux-4.9/include/uapi/linux/netfilter/xt_owner.h linux-4.9/include/uapi/linux/netfilter/xt_owner.h
+--- linux-4.9/include/uapi/linux/netfilter/xt_owner.h  2016-12-11 20:17:54.000000000 +0100
++++ linux-4.9/include/uapi/linux/netfilter/xt_owner.h  2021-02-24 15:31:31.354043397 +0100
+@@ -7,12 +7,16 @@ enum {
        XT_OWNER_UID    = 1 << 0,
        XT_OWNER_GID    = 1 << 1,
        XT_OWNER_SOCKET = 1 << 2,
@@ -10,112 +10,20 @@ diff -upr linux-2.6.25/include/linux/netfilter/xt_owner.h linux-2.6.25-owner-xid
  };
  
  struct xt_owner_match_info {
-       u_int32_t uid_min, uid_max;
-       u_int32_t gid_min, gid_max;
-       u_int8_t match, invert;
-+      u_int32_t nid;
-+      u_int32_t xid;
+       __u32 uid_min, uid_max;
+       __u32 gid_min, gid_max;
+       __u8 match, invert;
++      __u32 nid;
++      __u32 xid;
  };
  
  #endif /* _XT_OWNER_MATCH_H */
-Only in linux-2.6.25-owner-xid/include/linux/netfilter: xt_owner.h~
-diff -upr linux-2.6.25/include/linux/netfilter_ipv4/ipt_owner.h linux-2.6.25-owner-xid/include/linux/netfilter_ipv4/ipt_owner.h
---- linux-2.6.25/include/linux/netfilter_ipv4/ipt_owner.h      2008-05-20 17:15:02.411418369 +0000
-+++ linux-2.6.25-owner-xid/include/linux/netfilter_ipv4/ipt_owner.h    2008-05-20 17:16:22.905886167 +0000
-@@ -1,12 +1,16 @@
- #ifndef _IPT_OWNER_H
- #define _IPT_OWNER_H
-+#include <linux/types.h>
-+
- /* match and invert flags */
- #define IPT_OWNER_UID 0x01
- #define IPT_OWNER_GID 0x02
- #define IPT_OWNER_PID 0x04
- #define IPT_OWNER_SID 0x08
- #define IPT_OWNER_COMM        0x10
-+#define IPT_OWNER_NID 0x20
-+#define IPT_OWNER_XID 0x40
- struct ipt_owner_info {
-     uid_t uid;
-@@ -15,6 +19,8 @@ struct ipt_owner_info {
-     pid_t sid;
-     char comm[16];
-     u_int8_t match, invert;   /* flags */
-+    u_int32_t nid;
-+    u_int32_t xid;
- };
- #endif /*_IPT_OWNER_H*/
-diff -upr linux-2.6.25/include/linux/netfilter_ipv6/ip6t_owner.h linux-2.6.25-owner-xid/include/linux/netfilter_ipv6/ip6t_owner.h
---- linux-2.6.25/include/linux/netfilter_ipv6/ip6t_owner.h     2008-05-20 17:15:02.411418369 +0000
-+++ linux-2.6.25-owner-xid/include/linux/netfilter_ipv6/ip6t_owner.h   2008-05-20 17:16:22.905886167 +0000
-@@ -1,11 +1,15 @@
- #ifndef _IP6T_OWNER_H
- #define _IP6T_OWNER_H
-+#include <linux/types.h>
-+
- /* match and invert flags */
- #define IP6T_OWNER_UID        0x01
- #define IP6T_OWNER_GID        0x02
- #define IP6T_OWNER_PID        0x04
- #define IP6T_OWNER_SID        0x08
-+#define IP6T_OWNER_NID        0x20
-+#define IP6T_OWNER_XID        0x40
- struct ip6t_owner_info {
-     uid_t uid;
-@@ -13,6 +17,8 @@ struct ip6t_owner_info {
-     pid_t pid;
-     pid_t sid;
-     u_int8_t match, invert;   /* flags */
-+    u_int32_t nid;
-+    u_int32_t xid;
- };
- #endif /*_IPT_OWNER_H*/
-diff -upr linux-2.6.25/net/netfilter/xt_owner.c linux-2.6.25-owner-xid/net/netfilter/xt_owner.c
---- linux-2.6.25/net/netfilter/xt_owner.c      2008-05-20 17:15:02.411418369 +0000
-+++ linux-2.6.25-owner-xid/net/netfilter/xt_owner.c    2008-05-20 17:48:15.774419069 +0000
-@@ -46,6 +46,16 @@ owner_mt_v0(const struct sk_buff *skb, c
-                   !!(info->invert & IPT_OWNER_GID))
-                       return false;
-+      if (info->match & IPT_OWNER_NID)
-+              if ((skb->sk->sk_nid != info->nid) ^
-+                  !!(info->invert & IPT_OWNER_NID))
-+                      return 0;
-+
-+      if (info->match & IPT_OWNER_XID)
-+              if ((skb->sk->sk_xid != info->xid) ^
-+                  !!(info->invert & IPT_OWNER_XID))
-+                      return 0;
-+
-       return true;
- }
-@@ -75,6 +85,16 @@ owner_mt6_v0(const struct sk_buff *skb, 
-                   !!(info->invert & IP6T_OWNER_GID))
-                       return false;
-+      if (info->match & IP6T_OWNER_NID)
-+              if ((skb->sk->sk_nid != info->nid) ^
-+                  !!(info->invert & IP6T_OWNER_NID))
-+                      return 0;
-+
-+      if (info->match & IP6T_OWNER_XID)
-+              if ((skb->sk->sk_xid != info->xid) ^
-+                  !!(info->invert & IP6T_OWNER_XID))
-+                      return 0;
-+
-       return true;
- }
-@@ -113,6 +133,16 @@ owner_mt(const struct sk_buff *skb, cons
-                   !(info->invert & XT_OWNER_GID))
+diff -urNp -x '*.orig' linux-4.9/net/netfilter/xt_owner.c linux-4.9/net/netfilter/xt_owner.c
+--- linux-4.9/net/netfilter/xt_owner.c 2016-12-11 20:17:54.000000000 +0100
++++ linux-4.9/net/netfilter/xt_owner.c 2021-02-24 15:31:31.354043397 +0100
+@@ -97,6 +97,16 @@ owner_mt(const struct sk_buff *skb, stru
                        return false;
+       }
  
 +      if (info->match & XT_OWNER_NID)
 +              if ((skb->sk->sk_nid != info->nid) ^
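Review bot: The rebased NID test reads `skb->sk->sk_nid` directly, and nothing visible in this hunk shows that `skb->sk` was validated as a non-NULL, full socket before that line; owner_mt's earlier checks lie outside the hunk, so confirm they cover this path. If the function already holds a checked socket pointer, the added tests should reuse it instead of dereferencing `skb->sk` again, e.g. `if ((sk->sk_nid != info->nid) ^` (assuming a local named `sk`). Separately, appending `__u32 nid` and `__u32 xid` to `struct xt_owner_match_info` in a uapi header changes the size of a structure that userspace passes in, so it deserves a comment such as `/* nid/xid extend the upstream layout; userspace must be built against this header */`. The remainder of the NID test and the XID test fall between this outer hunk and the next one, so they are not reviewed here.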
@@ -130,4 +38,3 @@ diff -upr linux-2.6.25/net/netfilter/xt_owner.c linux-2.6.25-owner-xid/net/netfi
        return true;
  }
  
-Only in linux-2.6.25-owner-xid/net/netfilter: xt_owner.c~